
Test ID: 1.3.6.1.4.1.25623.1.0.108627
Category: Web application abuses
Title: Apache Struts Security Update (S2-020) - Version Check
Summary: Apache Struts is prone to multiple vulnerabilities.
Description:

Summary:
Apache Struts is prone to multiple vulnerabilities.

Vulnerability Insight:
The default upload mechanism in Apache Struts 2 is based on Commons FileUpload
version 1.3, which is vulnerable and allows DoS attacks. Additionally, the
ParametersInterceptor allows access to the 'class' parameter, which is directly
mapped to the getClass() method and allows ClassLoader manipulation.

Vulnerability Impact:
A remote attacker can execute arbitrary Java code via
crafted parameters or cause a Denial of Service.

Affected Software/OS:
Apache Struts 2.0.0 through 2.3.16.1.

Solution:
Update to version 2.3.16.2 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-0050
BugTraq ID: 65400
http://www.securityfocus.com/bid/65400
Bugtraq: 20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
http://www.securityfocus.com/archive/1/532549/100/0/threaded
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2856
http://www.debian.org/security/2014/dsa-2856
http://seclists.org/fulldisclosure/2014/Dec/23
https://security.gentoo.org/glsa/202107-39
HP Security Advisory: HPSBGN03329
http://marc.info/?l=bugtraq&m=143136844732487&w=2
http://jvn.jp/en/jp/JVN14876762/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E
RedHat Security Advisories: RHSA-2014:0252
http://rhn.redhat.com/errata/RHSA-2014-0252.html
RedHat Security Advisories: RHSA-2014:0253
http://rhn.redhat.com/errata/RHSA-2014-0253.html
RedHat Security Advisories: RHSA-2014:0400
http://rhn.redhat.com/errata/RHSA-2014-0400.html
http://secunia.com/advisories/57915
http://secunia.com/advisories/58075
http://secunia.com/advisories/58976
http://secunia.com/advisories/59039
http://secunia.com/advisories/59041
http://secunia.com/advisories/59183
http://secunia.com/advisories/59184
http://secunia.com/advisories/59185
http://secunia.com/advisories/59187
http://secunia.com/advisories/59232
http://secunia.com/advisories/59399
http://secunia.com/advisories/59492
http://secunia.com/advisories/59500
http://secunia.com/advisories/59725
http://secunia.com/advisories/60475
http://secunia.com/advisories/60753
http://www.ubuntu.com/usn/USN-2130-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0094
BugTraq ID: 65999
http://www.securityfocus.com/bid/65999
Bugtraq: 20140306 [ANN] Struts 2.3.16.1 GA release available - security fix
http://www.securityfocus.com/archive/1/531362/100/0/threaded
http://jvn.jp/en/jp/JVN19294237/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
http://www.securitytracker.com/id/1029876
http://secunia.com/advisories/56440
http://secunia.com/advisories/59178
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
